Professional Documents
Culture Documents
BRKARC-2034-Care and Feeding of Smart Licensing
BRKARC-2034-Care and Feeding of Smart Licensing
• In this session, you will learn about deploying Cisco products using Cisco’s latest
product licensing vision. Come learn the foundational concepts you need to need to
as you deploy and configure Smart Software Licensing for Cisco products. Together,
we will go over the various scenarios you might deploy Smart License enabled
products in connected and mediated networks.
• For mediated (disconnected) networks, we will present an overview of the Cisco
Smart Software On-Prem, and how product configuration differs when used. By
moving to an ISO-19770 Software Asset Management (SAM) solution, Cisco Smart
Software Licensing simplifies the deployment of Cisco products focusing on usage
(what and how many) and not enforcement. With Cisco Smart Software Licensing
say “goodbye” to Product Activation Keys (PAKs) and License files!
• It is recommended that the student is familiar with Smart Licensing before taking this
session.
• BRKARC-2010 (Smart Accounts and Smart Licensing)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 2
Care and Feeding of
Smart Licensing
Get Set! Get Ready! Go!
#CLUS
Cisco Webex Teams
Questions?
Use Cisco Webex Teams to chat
with the speaker after the session
How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install Webex Teams or go directly to the team space
4 Enter messages/questions in the team space
#CLUS © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Agenda
• Get Ready!
• Smart Licensing Overview
• Smart Accounts Overview
• Get Set!
• Smart License Enabled Products
• Smart Licensing Communications
• Go!
• Deploying Smart License Enabled Products
• Conclusion
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Acronym Decoder
• CSR – Certificate Signing Request • PIDs – Product IDs
• CSSM or SSM – Cisco Smart Software Manager • PLR – Permanent License Reservation
• MSLA – Managed Service License Agreements • TPL – Third (3rd) Party Licensing
(Utility)
• UUID – Universally Unique Identifier
• OOC – Out of Compliance
• VA – Virtual Accounts
• PI – Product Instances
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
BRKARC-2034
Get Ready!
Smart Licensing and Smart Accounts
Smart Software Licensing Overview
Improving the licensing experience
Smart Software Licensing makes the experience for our customers and partners extremely simple in terms
of buying the software, activating it and managing it.
Locked Unlocked
You cannot use more than you paid for. Add users and licenses as needed.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Introduction to Smart Software Manager
Cisco Software Central – software.cisco.com
Network Plug
and Play
Manage
Downloads and Software License
Upgrade Products Tools
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
10
Cisco Software Central – software.cisco.com
Request Smart
Account Access
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
11
Confirm you have authority to create the account
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 12
Editing the Account Domain Identifier
Hint:
The domain
identifier will
populate with
details from
your profile – it
may be edited.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
Smart Account already exists?
BRKARC-2010 #CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
Smart Account – Requesting Access
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
Grant Partner Access to Manage Smart Account
You can grant Partners access to manage the account and your licenses on your behalf by adding them as a User. There are 4
user roles that you can assign Partners to:
Role Access Level Select this when…
Smart Account Administrator Partners can view and manage license You can select this option if only one Partner will
inventory for the entire Smart Account, be managing your entire Smart Account, and also
and can also perform Account if the Partner needs to manage Users and Virtual
management activities. Accounts on your behalf.
Virtual Account Administrator Partners can view and manage licenses You can select this option if the Partner will be
only in specific Virtual Account(s) for managing licenses in specific Virtual Account(s)
which they have been granted access. but not within all the Virtual Accounts. Please note
Partners can also manage Users in the that the Partner will also be able to add/edit and
assigned Virtual Account(s). delete Virtual Account Admins and Users.
Smart Account User Partners can view and manage license You can select this option if the Partner will be
inventory for the entire Smart Account. managing your entire Smart Account, but you
would like to keep control over the Account
management activities (adding/ deleting Virtual
Accounts and User management).
Virtual Account User Partners can view and manage license You can select this option if the Partner will be
inventory for assigned Virtual Account(s). managing licenses within a particular Virtual
Account, but you would like to keep control over
adding or deleting Users within that Virtual
#CLUS Account.
BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
Smart Account Creator is automatically provided
User Roles Capabilities in CSC Capabilities in SSM Capabilities in ELA Capabilities in LRP
Virtual Account • View Account Properties • Can perform all activities in • Can perform all activities • Can perform all activities
Administrator • View Assigned Virtual Accounts SSM for the Virtual in ELA linked to the Virtual in LRP linked to the
• Add / Edit / Delete Users (capability to add Virtual Accounts they have Account they have access Virtual Account they have
Account Admins or Virtual Account Users) access to to access to
• View Agreements
• View Event logs (restricted to assigned VAs)
Virtual Account • View Account Properties • Can perform all activities in • Can perform all activities • Can perform all activities
User • View Assigned Virtual Accounts SSM for Virtual Accounts in ELA linked to the Virtual in LRP linked to the
• View Users (only those linked to assigned VAs) they have access to Account they have access Virtual Account they have
• View Agreements to access to
• View Event Logs (restricted to assigned VAs)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
Use of Crypto in Smart Licensing
• Smart Agent generates a pair of public and private keys during registration.
• Smart Agent requests CSSM to sign the public key and return in the ID certificate during
registration.
• The following certificates are involved in the process of signing and validating messages:
• Cisco Root CA certificate: the public key of Cisco CA, embedded in Smart Agent.
• Cisco Sub CA certificate: the public key of Sub CA, signed by Cisco Root CA
• Signing certificate: the public key of LCS message singer, signed by Cisco Root CA.
• ID certificate: the public key of product instance, singed by Cisco Sub CA.
• After registration, Smart Agent signs all requests with its private key and CSSM validates the
requests with Smart Agent’s ID cert.
• CSSM signs all responses with private key (in LCS) and Smart Agent validates the responses
with Signing cert.
• All requests and response are encrypted over HTTPS connection.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
18
Introduction to Smart Accounts
What is Cisco Smart Licensing?
• IT Asset Management (ITAM) is a license and product management tool
• IT asset management is an important part of an organization's strategy. It usually involves
gathering detailed hardware and software inventory information which is then used to make
decisions about hardware and software purchases and redistribution.
• IT inventory management helps organizations manage their systems more effectively and
saves time and money by avoiding unnecessary asset purchases and promoting the harvesting
of existing resources.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
Smart Account – Overview
• A Smart Account is a single place where
Customers can obtain visibility to their software
and entitlements.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
How Does Smart Software Licensing Work?
Cisco Smart Licensing is a new way of thinking about licensing at Cisco that is being applied to all products.
Smart Licensing provides a Software Inventory Management System that provides Customers, Cisco, and Selected
Partners with information about Software Ownership and Software Utilization
Ownership Usage
Cisco Commerce Big University Entitlement and Product
Workspace (CCW)
I am Device-East5, I belong to Big University
and I am using 1 Advanced License
Users & Roles
Licenses
I have purchased 5 Advanced
Licenses for Big University bigu.edu
You are Device-East5, belonging to
Big University and the Admissions
Devices Department you are ‘In-Compliance’
Agreements
I own +5
I am using +1
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 23
What is a Smart Account
Architected as a “container” - for more than licenses
Asset Pooling Track Purchases
Pool assets, user roles and Review purchases of Cisco
agreements for visibility of Software entitlements and
company license allocate new resources.
entitlements.
Today Future
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
With My Cisco Entitlements you can...
Secure all and gain Efficiently manage assets Effectively use assets
insights on your and entitlements and entitlements
• Hardware/Devices • Organize products and services • Register products and
• Licenses • Manage simple and secure services
• Subscriptions access controls • Generate or rehost
• Perform Move-Add-Change- licenses
• Services
Delete • Download software
• Insights
• Track devices • Create support cases
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Connecting Smart Accounts, Smart Licensing,
Asset Mgmt., Entitlement Mgmt., and Telemetry
for Digital Business Secure Customer Centric
Organized Access
Efficient Consumption
Unified View
Auto-Provisioning
Smart Self-serve Capabilities
Data Center
Licenses
Campus Access
Devices
bigu.edu
Computer Lab
Agreements
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Smart Accounts – Virtual Accounts
Assets are represented as company owned allowing effortless sharing
across your enterprise
Licenses
Campus Access
bigu.edu
Devices
Computer Lab
Agreements
Create sub-accounts to
reflect organization’s
construct.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Smart Accounts – Virtual Accounts
Assets are represented as company owned allowing effortless sharing
across your enterprise
Virtual Accounts
Data Center
Overall Cisco Licenses
Warning and Notifications -25
Users & Roles
For Hybrid Create/Copy Enter Register Platform uses Users & Roles
Agreements
Customer Smart
SL State= Account identified Out-of
SL State= Compliance
Un-identified
Registered
Using more licenses
than entitled to
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Smart Licensing Work Flow - ID Tokens
An ID Token: An ID Tokens is NOT:
• Can be used once – or reused
multiple times • Product specific
• Can be created and revoked at any • Licenses or keys or PAKs
time • “one-time use”
• Expires after a period of time (default • Stored on the Cisco Product
is 30 days; Minimum of 1 day and a • Needed after the product is
maximum of 365 days) registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Enable Smart Software Licensing
Select:
Inventory
Click:
New Token
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Enable Smart Software Licensing
Provide:
ID Token Description
Decide:
Allow enablement of
Export Controlled
functionality
(functionality varies
by product)
Note: Enabled by default if
Export Control is allowed for
this Smart Account
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Smart Licensing Work Flow - ID Tokens
Select ”Copy”
from “Actions”
drop-down
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Smart Licensing Work Flow - Registration
Paste the “ID Token” created in your Smart Account directly into the CLI
Hybrid Products Smart Only Products
device> en
device# config t
device(config)# license smart enable
device(config)# end
device# license smart register idtoken <id token> device# license smart register idtoken <id token>
<id token>
“ID Token” is copied from Smart Account either manually via Cisco API’s
Can be used once – or multiple times
Can be used on any or every Cisco product
Can be created and revoked at any time
Can be created and accessed via APIs
Expires after a period of time (default is 30 days; Minimum of 1 day and a maximum of 365 days)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Smart Licensing Work Flow - Hybrid Products
Smart-Device>en Notes:
Smart-Device#config t
This command is used on platforms
Enter configuration commands, one per line. End with CNTL/Z.
Smart-Device(config)# license smart enable
that support BOTH Classic and
Smart-Device(config)# Smart Software Licensing.
*Oct 15 09:38:59.300: %SMART_LIC-6-AGENT_ENABLED: Smart Agent for
Licensing is enabled Reload may be required to switch
*Oct 15 09:38:59.301: %SMART_LIC-6-HA_ROLE_CHANGED: Smart Agent HA licensing mode.
role changed to Active.
*Oct 15 09:39:00.302: %PKI-4-NOCONFIGAUTOSAVE: Configuration was
Smart Call Home is automatically
modified. Issue "write memory" to save new IOS PKI configuration
*Oct 15 09:39:00.302: %CALL_HOME-6-CALL_HOME_ENABLED: Call-home is
enabled when Smart Software
enabled by Smart Agent for Licensing. Licensing is enabled.
*Oct 15 09:39:00.302: %SMART_LIC-5-COMM_RESTORED: Communications with
Cisco licensing cloud restored Device responds with message
Smart-Device(config)# when successful.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Smart Licensing Work Flow - Registration
Smart-Device#license smart register idtoken <paste>
Registration process is in progress. Use the 'show license status' command to check the progress and result
Smart-Device#% Generating 2048 bit RSA keys, keys will be exportable...
*Oct 15 12:54:41.741: %RF_ISSU-3-INVALID_SESSION: RF ISSU client on domain (0) does not have a valid
registered session.
[OK] (elapsed time was 1 seconds)
*Oct 15 12:54:41.741: %SSH-5-DISABLED: SSH 1.99 has been disabled
*Oct 15 12:54:42.492: %SSH-5-ENABLED: SSH 1.99 has been enabled
*Oct 15 12:54:42.533: %PKI-4-NOCONFIGAUTOSAVE: Configuration was modified. Issue "write memory" to save new
IOS PKI configurationWait for IIC event to get throughput higher than 100K
*Oct 15 12:54:49.966: %SMART_LIC-5-COMM_RESTORED: Communications with Cisco licensing cloud restored
*Oct 15 12:54:50.030: %SMART_LIC-6-EXPORT_CONTROLLED: Usage of export controlled features is Allowed
*Oct 15 12:54:50.030: %SMART_LIC-6-AGENT_REG_SUCCESS: Smart Agent for Licensing Registration with Cisco
licensing cloud successful
*Oct 15 12:54:50.030: %SMART_LIC-5-EVAL_START: Entering evaluation period
*Oct 15 12:54:50.030: %VXE_THROUGHPUT-6-LEVEL: Throughput level has been set to 100 kbps
*Oct 15 12:54:56.614: %SMART_LIC-3-OUT_OF_COMPLIANCE: One or more entitlements are out of compliance
*Oct 15 12:54:56.614: %SMART_LIC-6-AUTH_RENEW_SUCCESS: Authorization renewal with Cisco licensing cloud
successful. State=OOC
Note:
In this example the device is communicating that no available licenses are in the
Virtual Account
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Smart Licensing Work Flow – Usage Reporting
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Smart Licensing Work Flow – Usage Reporting
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Smart Licensing Work Flow – Usage Reporting
Smart-Device#license smart renew auth Note:
Authorization process is in progress. Use the 'show license status' command to checkForce
the progress and
an authorization renewal
result
Smart-Device#
*Oct 15 13:03:54.199: %VXE_THROUGHPUT-6-LEVEL: Throughput level has been set to 50000 kbps
*Oct 15 13:03:54.199: %SMART_LIC-6-AUTH_RENEW_SUCCESS: Authorization renewal with Cisco licensing cloud
successful. State=authorized
Smart-Device#
Smart-Device#show license status
Smart Licensing is ENABLED
Registration: Note:
Status: REGISTERED
Smart Account: Canada Motors Inc. Device updates state
Virtual Account: Cisco-TAC
Export-Controlled Functionality: Allowed
Initial Registration: SUCCEEDED on Oct 15 12:54:49 2017 UTC
Last Renewal Attempt: None
Next Renewal Attempt: Apr 12 12:54:49 2017 UTC
Registration Expires: Oct 14 12:48:59 2017 UTC
License Authorization:
Status: AUTHORIZED on Oct 15 13:03:54 2017 UTC
Last Communication Attempt: SUCCEEDED on Oct 15 13:03:54 2017 UTC
Next Communication Attempt: Nov 14 13:03:53 2017 UTC
Communication Deadline: Jan 13 12:58:06 2017 UTC
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Enable Smart Software Licensing
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Smart Licensing Work Flow – Usage Reporting
• Verify licensing status
csr1kv# show license status
Tue Sep 29 07:34:36.023 PDT
License Authorization:
Status: AUTHORIZED on Mon Sep 28 2017 21:56:10 PDT
Last Communication Attempt: SUCCEEDED on Mon Sep 28 2017 21:56:10 PDT
Next Communication Attempt: Wed Oct 28 2017 21:56:10 PDT
Communication Deadline: Sun Dec 27 2017 11:49:16 PDT
csr1kv#
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Smart Licensing Work Flow – Product Config
Reference
IOS XE Based Product Example
Product Specific Configuration Guides Found at: cisco.com/go/smartlicensing
Enable Smart License for Hybrid license smart enable
Products
* See Product specific Configuration guide to determine if your product defaults
to traditional licensing
Insert Authentication token into (Exec Mode)
Device license smart register idtoken <idtoken from CSSM or CSSM sat>
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Smart Licensing Work Flow – Product Config
Reference
IOS XE Based Product Example
Product Specific Configuration Guides Found at: cisco.com/go/smartlicensing
Complete ip name-server server-address
Basic IP ip name-server vrf Mgmt-vrf server-address
Connectivity ip domain lookup source-interface interface-type interface-number
ip domain name example.com
Configuration
ip http client source-interface interface-type interface-number
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 46
Understanding Product Licensing State
Smart License Product States
• Registered state
Product has been associated with a valid Smart Account
Un-
• Authorized state (In Compliance) Registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Smart License Product States – Licenses
• One a product has been successfully registered, it can be configured
to use an licenses via CLI
Un-
• A Entitlement Message is sent when Product is Registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Entitlement Authorization Request or Renewal
• Authorization based on Cryptograph ID certificate
• Valid for 1 Year, renewed will be sent every six months
Un-
• If there is a Communications Failure sending the Registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Registration ID Certificate Renewal
• If there is a Communications Failure sending the
message, the retry interval will be as follows:
Un-
• One per hour until success Registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Understanding Product Licensing
Communication
Smart Product Telemetry & Visibility
• Industry Standard HTTPS (SSLv3*/TLS)
• Protects User’s Privacy! 01100101
100101011011
• HTTP over TLS used for Transport encryption 101001001010
0101101100100
• Telemetry sent to Cisco is User Configurable 001010011001
11010110101
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Smart Product Telemetry & Visibility
How does HTTPS work?
• Smart Agent generates a pair of public and private keys during registration.
• Smart Agent requests CSSM to sign the public key and return in the ID certificate during
registration.
• The following certificates are involved in the process of signing and validating messages:
• Cisco Root CA certificate: the public key of Cisco CA, embedded in Smart Agent. Validation
• Cisco Sub CA certificate: the public key of Sub CA, signed by Cisco Root CA Signing
• Signing certificate: the public key of LCS message singer, signed by Cisco Root CA.
• ID certificate: the public key of product instance, singed by Cisco Sub CA.
• After registration, Smart Agent signs all requests with its private key and CSSM validates the
requests with Smart Agent’s ID cert.
• CSSM signs all responses with private key (in LCS) and Smart Agent validates the responses
with Signing cert.
• All requests and response are encrypted over HTTPS connection.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Smart License Product Telemetry
• The Cisco Smart License requires the following minimal exchange of information during
install/provisioning time.
Cisco Smart
Software Manager
Information Collected Required?
Trusted Unique Identifier
Yes
(SUDI/SUVI/ID) HTTPS
-or-
Licenses Consumed Yes
Organization Identifier (ID Token) Yes Cisco Checks:
Hostname No Offline Licenses
Device IDs
AAA ID of User Making Change No On Premises Business Rules
Feature Tags No Smart Software
Then
Manager
Other Smart Call Home Information No Authorizes Use
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Smart Product Data Interchange & Visibility
Information exchanged
• Required information includes:
• Unique identifier for the device.
• Licenses that are being used.
• Organization identifier (ID Token created in your Smart Account). This is a single
cryptographically signed key that will be used for all products and installations in
your network anywhere in your company.
• When your product connects to Cisco, it will return its certificate (public key with a
label identifying Cisco as the owner)
• The browser checks if the certificate is valid:
• Owner information needs to match the server name (OR IP) that the user requested.
• Certificate needs to be signed by a trusted certification authority.
• If these conditions is not met, the product will reject the HTTS connection
• After the verification, the product extracts the public key and uses it to encrypt some
information before sending it to the Smart Call Home Server
• The Smart Call Home Server can decrypt it because it has the matching private key.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Go!
Deploying Smart License Enabled
Products
Deploying Smart License Enabled Products
Access To Cisco
1
over the
Cisco product sends usage information directly
+ internet or through a HTTP Proxy Server. No additional
2 components are needed.
Ease of use
3
Cisco products send usage information to Smart Software
+ Manager locally installed. Periodically, exchange information
4 automatically in connected environments or manually in
SSM
disconnected environments.
On-
Prem
Smart License
• Cisco Smart
(Packet Delivery) Software Manager
SCH
Smart Agent
of data)
Home Server
Smart Call
Cisco Smart Call
Product Home
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Smart Call Home – Smart Licensing Only
• Service Active
Enable call-home service
• Contact-email-addr sch-smart-licensing@cisco.com
Contact email address is mandatory for sending SCH notifications. If it is configured as sch-
smart-licensing@cisco.com, the email address configured in Cisco Smart License Portal will be
used
• Profile CiscoTAC-1
Call-home profile CiscoTAC-1 is configured to send Smart licensing message by default
• Active
Enables profile to be used
• destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
Configure HTTP destination address with service URL
• destination transport-method http
Change transport method to HTTP (this includes HTTPS)
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/callhome.html
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Smart Call Home – Smart Licensing Only
• Smart License does not require ALL of Smart Call Home
• Smart Call Home reporting CAN be disabled
• Smart License only uses the Call Home Client (Packet Delivery)
• When Smart Call Home reporting on the Product is not used,
• contact-email-addr must be configured as sch-smart-licensing@cisco.com
❌ This is NOT an email address – it just looks like one
❌ Inventory is not sent
❌ Configuration information is not sent
❌ Environmental conditions is not sent
❌ Diagnostics to include syslog events is not sent
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Smart Call Home – Default CSR1000v
Configuration
service call-home
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to
send SCH notifications. Automatically added on Smart License enablement.
contact-email-addr sch-smart-licensing@cisco.com Do not change!
rate-limit 20
alert-group-config snapshot Here is where you limit data sharing:
data-privacy level normal data-privacy {level {normal | high} | hostname}
syslog-throttling reporting no-call-home-data | Only hostname can be sent.
Not all products support call home data sharing.
profile "CiscoTAC-1"
active
no anonymous-reporting-only
Automatically added on Smart License enablement.
reporting smart-call-home-data
Do not change!
reporting smart-licensing-data
destination preferred-msg-format xml
destination message-size-limit 3145728
destination transport-method http
no destination transport-method email Note: No SCH email sent by default.
destination address email callhome@cisco.com
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService Authorized Backend URL
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Method 2
Proxy / Gateway
Transport Gateway or Proxy
1 HTTPs Request
2 HTTPs Response
proxy-server tools.cisco.com
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Transport Gateway or Proxy
Configuration Example
• Change HTTP destination address of CiscoTAC-1 profile to TG service URL.
asr9k#conf t
asr9k(config)#call-home
asr9k(config-call-home)#profile CiscoTAC-1
asr9k(config-call-home-profile)#no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
asr9k(config-call-home-profile)#destination address http https://proxy-server
asr9k(config-call-home-profile)#commit
asr9k(config-call-home-profile)#end
asr9k#
asr9k#show running-config call-home
call-home
profile CiscoTAC-1
destination address http https://tg-server
!
!
NOTE: The default destination to cisco must be removed when configuring when
using with proxy, or On-Prem
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Smart Product Telemetry & Visibility
(Standard Client HTTPS)
SSL :443
Certificate
CN=www.cisco.com Cisco.com
Signer= Verisign CA
Expires=Jan 1, 2011
GET / (Encrypted)
200 OK (Encrypted)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Transport Gateway or Proxy
(HTTPS proxy)
Decrypt / Pass through / Drop?
SSL
SSL
:433
:433
Certificate Cisco.com
Certificate (unmodified)
Pass Through
Traffic Tunneled
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Method 3 & 4
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
SSM On-Prem – Deployment Model Overview
Smart Software
Manager
On-Prem
Supports multiple Scales up to 10,000 Provides online or offline Similar User Interface Enables faster code
local accounts products and 500 local connectivity to Cisco SSM drop and feature parity
accounts at Cisco SSM
To get a more detailed description of Smart Software Manager On-Prem solutions in the User Guide
https://www.cisco.com/go/smartlicensing
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
How does Cisco SSM On-Prem Work?
1 2 3
Install/Register to Synchronize Local
Self-Register/Report
Cisco SSM Database
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Cisco SSM On-Prem Benefits
Trusted Real-time Utilization Increased Unlocked Cost
Security Entitlement Visibility Control Reduction
Secure on- Near real-time Complete view of Flexible licensing Elimination of the Save time and
premises single license entitlement software, services, pooling enable node-locking of money through
source of truth of based on and devices in licenses to be licenses to efficient license
license synchronization easy-to-use portal. reused across devices, simplifies usage
consumption schedules with devices and the the RMA process
backend install organization
base
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
SSM On-Prem vs satellite - Highlights
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Licensing Admin
Smart Software Manager On-Prem - Workspac
e
Workspac
e
Setup/Registration
Approve
Kickstart Network User Request On-Prem Manage
New Account Account
Installation Configuration Operational Account
Request
or Register an
System
Account to
Configuration Request Product
Cisco SSM
Access to Registration
An Existing
User Creation/ Account
Authorization
Periodic Sync
Customer Customer User logs Admin to
downloads VM configures VM in and approve
off cisco.com with IP selects Account
and installs address, DNS, Request Admin needs the
following info:
NTP Account
o Cisco Smart
Account
o Cisco Virtual
Account
o Cisco UserID and
password
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Smart Software Manager On-Prem -
Requirements
• The Free installation package is available in ISO installable via
Bootable Media
System Requirements
(Customer Provided):
ISO
Smart Software Manager On-Prem Minimum Recommended
Containers
Database
200 GB Hard Disk 200 GB Hard Disk
Crypto Services
License/Admin 8GB Memory 8GB Memory
License Services Workspace
2 vCPUs 4 vCPUs
(Centos 7)
4000 products 10000 products
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Cisco Smart Software Manager On-Prem -
Installation
• Deploy the ISO into either a VM or bare metal
• Configure IP address (IPv4 and/or IPv6)
• Configure Netmask / Prefix
• Configure Default Gateway
• Configure DNS
• Connect to Administration portal via a browser
• Login as default “admin/CiscoAdmin!2345” user
• Change the admin’s default password
• Register Account(s) with Cisco Smart Account/Virtual Account
• Synchronize Account(s) with Cisco Smart Account(s)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Cisco Smart Software Manager On-Prem
HTTP/HTTPS communication:
• Products communicating with Smart Software Manager On-Prem via HTTPS use one of two
Cisco signed certificates dependent on the smart agent version
Older
\ Products: Newer Products:
• Smart Agent versions prior to 1.5 • Smart Agent versions 1.5 and later
• Use a 3-tier certificate • Use a 4-tier certificate
• Must wait 10 business days for Cert to • Can be registered with no delay
be available and synchronized
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Show License All (ASAv)
asa971# show license all License Usage
==============
Smart Licensing Status
====================== ASAv30 Standard - 2G (ASAv-STD-2G):
Description: ASAv30 Standard - 2G
Smart Licensing is ENABLED Count: 1
Version: 1.0
Registration: Status: OUT OF COMPLIANCE
Status: REGISTERED
Smart Account: CISCO LIVE Product Information
Virtual Account: JLN-Sat ===================
Export-Controlled Functionality: Allowed UDI: PID:ASAv,SN:9AJP2PTBH1L
Initial Registration: SUCCEEDED on Feb 08 21:24:22 2017 UTC
Last Renewal Attempt: None Agent Version
Next Renewal Attempt: Mar 10 18:57:40 2017 UTC =============
Registration Expires: May 09 14:04:18 2017 UTC Smart Agent for Licensing: 1.6.4_rel/63
License Authorization:
Status: OUT OF COMPLIANCE on Feb 08 21:24:34 2017 UTC
Last Communication Attempt: SUCCESS on Feb 08 21:24:34 2017 UTC
Next Communication Attempt: Feb 09 09:24:34 2017 UTC
Communication Deadline: May 09 14:04:18 2017 UTC
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
How do I deploy products with Smart Software
Manager On-Prem ?
• Products register to On-Prem the exact the same way as with
Cisco
• Change the ‘Authorized Backend Address’ (See product documentation)
• Example for IOS Devices:
call-home
profile CiscoTAC-1
no destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address http https://<ip.address>:443/Transportgateway/services/DeviceRequestHandler
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Product Registration with Strict Cert Checking
HTTPS, by default, will do a server identity check during SSL handshake which verifies destination
URL is the same Common Name (hostname or ip) filled in certificate.
• If you can change the URL for your device • If you can change the URL for your
to point to:
https://CiscoOn-Prem/Transportgateway device to point to
https://10.20.30.40/Transportgateway
• That means your device can
resolve CiscoOn-Prem to 10.20.30.40 • That means you need to configure the On-
Prem name to 10.20.30.40
• In regular IOS you can do this by configuring:
“ip host CiscoOn-Prem 10.20.30.40” • This will cause the Cert to be assigned to
CN=10.20.30.40
• Or change DNS name to match.
Note: If product supports it, you can use “no http secure server-identity-check” to disable
the check and keep using ip address in URL.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Key Features in SSM On-Prem
Multi-tenancy: Manage multiple customer accounts in a single management portal
• Administration Workspace only accessible by System Admin and System Operators
• Licensing portal is for Smart Licensing and Administration.
• Multiple levels of RBAC (Admin, Operator, User)
Security Enhancements:
• Separate Workspace for Licensing and Administration:
• CentOS 7 Security Harden Kernel
• User Authentication Control: LDAP or OAuth2
Networking Support
• IPv4 and IPv6 support
• Multi-NIC: multiple interfaces for traffic separation between network management and product instance registrations.
Proxy support: Allow for satellite to have a proxy between itself and Cisco Smart Software Manager for traffic separation
• Firewall Zones: Ability to configure interfaces for Internal (access) or External (no access)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Key Features in SSM On-Prem
Longer Sync Intervals
• Native 365-day Synchronization Schedule
• Allow satellite to functions as long as it synchronizes with Cisco once a year.
API Support
• Resource and Owner credentials grant supported
• 5 major API groups for over 15 unique APIs
Improved Scalability
• 500+ accounts
• 10,000 Product Instances
• Active development in progress to increase scale
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Smart Software Manager On-Prem:
Licensing Portal vs. Admin Portal
Licensing Portal Administration Portal
Enables internal administrative functions
including user control, account
Similar functionality to software.cisco.com
management, registration,
synchronization, and much more
Users can manage their local accounts, Supports additional functionality including
users, product instances, devices and external authentication, syslog and proxy
licenses support
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Licensing and Administration Portal Roles
Licensing Portal Roles Administration Portal Roles
Similar to CSSM Smart Account and Virtual Account System Users System Operators
roles but at the local level within the satellite. Have full admin access to
Have read-only
permission on the Admin all the local accounts, can
portal and have role perform local Account
Local Account Admins based access control in registration/synchronization,
the licensing portal & can not change system
configurations
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Administration Workspace
Manager Users with different level of authority Synchronization with Cisco (online & offline)
on On-Prem EE. Each system user can have a
different RBAC on Licensing portal
Register Accounts to your CSSM Smart Local Software Download repository were
Account/Virtual Account pair you can host software images for purchased
products.
Enable/Disable On-Prem API access, create
Client and Resource Grant types
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Administration Workspace - System RBAC
• All Users: • System Admin
• Can be local, or authenticated • Full System access
with an external system • Access to all Account(s)
• Local users have preference over
• System Operator (restricted)
authenticated users
• No ability to change system
• Are not required to have Cisco configurations
CCO Accounts • Access to all Account(s)
• Must have access to Smart
Account Admin access at Cisco • System User (restricted)
to create local On-Prem account • Limited to License Workspace Only
• Access to all Account(s)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Administration Workspace – Registration
• All Accounts map to a Smart Account/Virtual Account
• Customer requests account; email alert is sent to System Admin(s)
• System Admin performs account creations and grants user Access
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Administration Workspace – Registration
How Smart Software Manager On-Prem see’s Virtual Account Mapping
has
Smart Account 1
Virtual Account
1
Sync
Entitlements
SSM On-Prem has Default Local consumes
Local Account 1 1 Virtual Account Instances
Account consumes
Instances
Entitlements
Local Virtual
Account
consumes
Instances
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 93
Administration Workspace – Registration
Example: On-Prem Accounts to Single Smart Account
Accounts
Department 1 software.cisco.com
Department 2
Virtual Account
Department 3
Licensing Workspace
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Administration Workspace – Registration
Example: On-Prem Accounts to Multiple Smart Account
Accounts
Customer 1 software.cisco.com
Customer 2
Virtual Account BigU.edu
Customer 3
Manager On-Prem
Virtual Account SmallU.edu
Licensing Workspace
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Smart Software Manager On-Prem - Registration
Customer SSM On-Prem CSSM LCS
2 Registration Request
3 4-Tier Cert Request
Optimization Opportunity #CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Smart Software Manager On-Prem via Proxy
Customer SSM On-Prem Proxy CSSM
4 Registration Response
5 Registration Response
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Deployment Modes – Connected v. Disconnected
Connected Disconnected
• Mode is used when there is direct connectivity • Mode is used when there is no connectivity to
to cisco.com from the satellite cisco.com from the satellite
• License consumption and entitlement can be • Satellite can be synchronized with Cisco SSM
synchronized with Cisco SSM on-demand or via a file upload and download
automatically via scheduling
• Standard model for EE, easiest to deploy
Cisco
Cisco
Automatic
Updates Periodic
Updates
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Smart Software Manager On-Prem - Registration
• At registration there are 2 files exchanged between Smart Software Manager On-
Prem and Cisco
• Registration file (Smart Software Manager On-Prem Cisco)
• Authorization file (Cisco Smart Software Manager On-Prem )
• During normal operation, there are 2 different files exchanged between Smart
Software Manager On-Prem and Cisco
• Sync Request file (Smart Software Manager On-Prem Cisco)
• Sync Response file (Cisco Smart Software Manager On-Prem )
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Smart Software Manager On-Prem - Registration
At registration there are 2 files exchanged between CSSM On-Prem and Cisco
CSSM On-Prem
Registration file swapi.cisco.com
CSSM On-Prem
Sync Request file swapi.cisco.com
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
SSM On-Prem– Sync Request
• id_cert, signing_cert, csr, signatures
Certificate information to secure communication between Smart Software Manager On-Prem
and Cisco
• last_generated/last_sync
timestamps used to get the (delta)synchronization data.
• virtual_accounts
This contains the virtual accounts, registered product instances and licenses in the Smart
Software Manager On-Prem .
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
SSM On-Prem – Sync Request
:sync: 2.0.0, Information Collected Required?
:version: 2.0.0
:id_cert: |- XXXXXXXXXXXXXXXXXX
Trusted Unique Identifier
Yes
(SUDI/SUVI/ID)
:collector_id: 4cdd0470-e5e4-0132-a310-005056841670
:csr: |- Licenses Consumed Yes
:last_sync: 2017-Jun-22 08:50:35 UTC Hostname No
:last_generated: 2017-Jul-20 11:22:16 UTC
:virtual_accounts: AAA ID of User Making Change No
- :id: 101342
:name: Ross-1 Feature Tags No
:product_instances:
- :id: 2373d312-2cd8-4029-9517-8c60037cca8c Other Smart Call Home Information No
:registration_date: 2017-Jun-12 07:25:40 UTC
:last_contact_date: 2017-Jul-02 06:13:47 UTC
:is_active: true
:software_tag_identifier: regid.2013-08.com.cisco.CSR1000V,1.0_1562da96-9176-4f99-a6cb-14b4dd0fa135
:udi_pid: CSR1000V
:hostname: CSR-1000v
:ip_address: NOTE: hostname is sent by default, to disable sending
:mac_address:
:udi_serial_number: 97YZFA9VYJK the hostname, configure:
:host_identifier: cfg-call-home# data-privacy hostname
:licenses:
- :tag_id: 1146
:tag: regid.2014-05.com.cisco.ax_2500M,1.0_3e0288f3-4838-47c2-93a8-3d8743850f0c
:consumed_quantity: 1
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
SSM On-Prem– Sync Response File
• id_cert, sub_ca_cert, signing_cert, local_sub_ca_cert, signature
Certificate information to secure communication between Smart Software
Manager On-Prem and Cisco
• collector_instance_id
• On-Prem_name
• last_generated/last_sync
timestamps used to get the (delta) synchronization data.
• Synchronization Information
Includes info about virtual accounts and licenses from Smart account to
Smart Software Manager On-Prem .
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
SSM On-Prem– Sync Response
Information Collected Required?
Trusted Unique Identifier
Yes
(SUDI/SUVI/ID)
:data:
:authentication: Licenses Consumed Yes
:id_cert: |- Hostname No
:local_sub_ca_cert:
:collector_instance_id: 4cdd0470-e5e4-0132-a310-005056841670 AAA ID of User Making Change No
:On-Prem_name: Ross-SSMS-SCH4.1.2-Prod-OVF10
:last_generated: 2017-Jul-20 11:25:48 UTC
Feature Tags No
:last_sync: 2017-Jul-20 11:22:16 UTC Other Smart Call Home Information No
:synchronization:
:products:
- :id: 3662
:display_name: Cisco IOS XRV 9000 Router
- :id: 3642
:product_type: IOSXRV
:software_tag_id: regid.2017-07.com.cisco.IOS-XRv9000,1.0_5a181e3a-27db-4cbc-8996-fb083ddbd594
- :id: 3682
:virtual_accounts:
- :id: 101342
:name: Ross-1 Any additional licenses added to Smart Account since prior
:smart_account_id: 10560 synchronization.
Any new product SKUs and corresponding entitlement tags added to
CSSM
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
SSM On-Prem vs satellite Sync Behavior
Previously, if SSM satellite doesn’t sync with CSSM after 90-days, it no longer functions
properly and a new satellite need to be redeployed/PIs re-registered.
Satellite Enhanced Edition relaxes this rule such that it doesn’t need to sync to CSSM for
1 year and continue to function until 364th day.
• This allows Smart Licensing to address synchronization frequency issue for customers
who are not able to sync with CSSM within prior 90 day limits.
• SSM ON-Prem local Accounts still expires after 365 days. Satellite has to be re-deployed
and all its PIs re-registered
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Administration Workspace
• Smart Software Manager On-Prem should synchronize with Cisco
every 30 days
• Automatic if Network Attached
• By manual file transfers in disconnected Mode
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Smart Software Manager On-Prem Sync with
CSSM
SSM On-Prem
Customer CSSM
Sync Response
Sync Response
N Accounts
Periodic Sync Request
Sync Response
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Administration Workspace
• Set custom text message when logging in to On-Prem
• This message will be displayed on the login page
• Enable remote logging and configure access to a syslog server
• Enable email notifications and configure email server settings
• Configure NTP server settings and sync system clock
• Enable a Message of the Day when accessing CLI via SSH
• This message will be displayed after the user logs in.
• Note: Content is stored on the filesystem in /etc/motd.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
Administration Workspace
• Configure either OPEN LDAP for User Authentication
• Only one can be selected
• LDAP:
• Setup Server IP/FQDN
• Set Base DB
• Choose Authentication Method (currently on plain supported)
• LDAP Group RBAC Assignment:
• Setup Configure optional LDAP Group Authentication Base DN and Object Class
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Administration Workspace
• General Settings
• Configure On-Prem host name
• Configure Default Gateway
• Configure DNS servers (Primary plus 2 backups supported)
• Network Interface
• List of interfaces available to On-Prem
• Ability to configure each interface and assign it a Zone
• Proxy Settings
• Enable/Disable Proxy to Cisco
• Configure proxy IP/FQDN and Credentials
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Product Registration via Proxy
Customer Smart Agent Proxy On-Prem
1 Get Token ID
5 Response
6 Response
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 115
Administration Workspace
• Enable/Disable Local Software Download Server
• You must allocate disk space when On-Prem is deployed (0% by default)
• When enabled, a software download section will be available in License
Workspace
• Manually Add Cisco Software
• Product Family, Image Name, Description, Version, and Release Date
• Software Download Section (License Workspace)
• If an Account as a license matching the Product Family of an image
software uploaded, the image will be available for the User to download.
• If an Account does not have a matching Product Family, the software
image will not be shown.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Administration Workspace
• License APIs • Token APIs • Smart Account APIs
• Smart License Usage • Create Tokens • Account Search
• License Subscriptions • List Tokens • Validate User Access API
Usage Revoke Tokens
•
• Virtual Accounts APIs
• Transfer Licenses
• Device APIs • Create Local Virtual
• Smart License Alerts Account
• Product Instance Usage
• List Alerts Delete Local Virtual
• Product Instance Search •
Account
• Product Instance Transfer
• List Local Virtual Accounts
• Product Instance Remove
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
License Workspace
• Smart Licensing • Alerts
Track and manage Smart • Inventory
Licensing.
• Reports
• Preferences
• On-Prems
• Activity
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Product Registration – Same Local Account
Customer Smart Agent On-Prem
1 Get Token ID
4 Response
5 Entitlement Auth
4a Response
5a Entitlement Auth
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
License Workspace
• Request an Account Account Properties
Get an Account for your organization.
Local Virtual Accounts
• Request Access to an Existing
Account Manage Users Account Access
Submit a request for access to an
Account Custom Tags
• Manage Account User Groups
Modify the properties of your Accounts
and associate existing User IDs with Event Logs
Accounts.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Smart Software Manager On-Prem
High Availability
Smart Software Manager On-Prem HA
Deployment Configurations
New with 6.3
Active Standby
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
CSR1kv
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
High Availably Deployment Procedures
• Install “Active“ On-Prem and register as normal
• Install “Standby” On-Prem but do not register (JUST configure the IP address)
• SSH in the Active On-Prem
• RUN the deploy HA Script
• Follow instructions to configure HA
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Smart Software Manager On-Prem – HA Active
Passive
Active Standby
Pacemaker is an open source cluster resource manager which
coordinates resources and services in a HA cluster. In essence, DB
DB
Corosync enables servers to communicate as a cluster, while
On-Prem Pacemaker provides the ability to control how the cluster On-Prem
Pacemaker behaves. Pacemaker
vSwitch vSwitch
VMware ESXi VMware ESXi
VIP Address 10.1.1.1
Service Address 10.1.1.2 10.1.1.3
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Smart Software Manager On-Prem – HA Active
Passive
Active
Standby
Corosync - Messaging layer which enables
Admin UI Lic UI servers to communicate as a cluster, Admin UI Lic UI
On-Prem Pacemaker is an open source cluster resource On-Prem
PostgreSQL manager (CRM) PostgreSQL
Tomcat® is an open source Java Servlet
Pacemaker Container Pacemaker
Corosync Postgres is an open source Relational Corosync
Database Management System (RDBMS)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
New Simpler HA Deployment Procedures
• If master fails, standby is brought online automatically and starts responding to VIP
address.
• Any PI attempting to register during switch over will retry and when standby is ready
• Switch over takes less than 1 minute
• When master comes back online, standby will detect & go back to standby mode.
• If master can’t recover, deploy a new master. Use a prior backup (or pull a current
backup from standby On-Prem), restore master with the backup, and master will
take over.
• If both master and standby fails, deploy two new On-Prems and restore from
backup.
• When standby is down, system will report it is in “degraded mode”
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Method 5
License Reservation
Introduction to License Reservation
The Smart Account must be authorized for License Reservation:
• Must have enough available licenses (Over subscription is not allowed)
• Smart Account must be authorized for any Export Restricted Functionality
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Permanent License Reservation
• Manually exchange short ASCII strings with CSSM
• Two way data exchange via ASCII strings
• Product Request (UDI/vUDI, etc.) entered into CSSM (~ 32 characters*)
• CSSM returns an authorization locked to UDI/vUDI (34 characters)
1
Get UDI/vUDI Type UDI/vUDI
Request Request
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
Permanent License Reservation
• Transfers between Virtual Accounts is allowed
• License consumption and product must transfer together
• Increased license consumption is allowed and unrestricted (due to
“Universal” nature of license)
• User may un-register product to release licenses to their pool
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
Specific License Reservation
• Manually exchange information (copy and paste) with CSSM
• Two way data exchange via ASCII strings
• Product Request (UDI/vUDI, etc.) entered into CSSM
• Requested licenses and quantities chosen in CSSM
• CSSM returns an authorization locked to UDI/vUDI
CSSM
• Entitles specific license consumption on product
1 2
Get UDI/vUDI Type or Paste
Request Request String
3
Choose Licenses
5 4
Copy Auth String
Paste Auth String
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Specific License Reservation
• Transfers between Virtual Accounts is allowed
• License consumption and product must transfer together
• Increased license consumption is allowed
• Authorized quantity will be persistent
• Product will strictly enforce reserved licenses/quantities – overage not
allowed
• User may change registration, up or down by re-registering
• User may un-register product to release licenses to their pool
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
License Reservation Summary
• PLR has a price premium because it enables all features on the
product whether you want them or not
• Not available on all products
• Node lock (cannot transfer licenses if it’s already in use)
• RMAs can be a challenge if you cannot get the return code off the
box
• Changing SLR entitlements can be difficult
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
Conclusion
Smart License is here today!
Key decisions you need to make...
Smart Account Virtual Accounts Product Telemetry
• All Cisco Products are • Determine ”Span of • What's your network
moving to Smart Licensing Control” access policy?
• Smart Account is not option • Who will manage the Smart • What product telemetry
• You will need it to register Account? method(s) will you use?
products? • Partner Managed? • Will you need a Smart
• Who needs to approve your • Central Managed? Software Manager On-
Smart Account creation? • Distributed Managed? Prem? How many?
• Smart Accounts are not • Who will manage the Smart Locations?
Optional!
License?
• Products may have limited
functionality until registered! • Who do I get the <id token>
from?
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 135
Determining the best Method to Use
Your
Cisco
HTTPs Software
Method 1 & 2
Usage
Transport Gateway
or HTTPs Proxy Cisco.com
Cisco Product
• Software
Usage
Method 5
Your
• Request License
Cisco
Software
Usage
Copy/Paste
• Device has No Network Access License Response Cisco.com
Cisco Product
• Similar to PAK Files
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 136
Questions?
Continue your education
Demos in the
Walk-in labs
Cisco campus
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
You may be interested in the following sessions…
Simply your Cisco Asset and Entitlement Management
Experience with our Powerful New Platform
Timothy Knapp, BUSINESS OPERATIONS MANAGER, Cisco Systems, Inc.
Rehman Mohammed, SR. DIRECTOR, OPERATIONS, Cisco Systems, Inc.
Monday, June 10, 01:00 PM - 02:00 PM | SDCC - Upper Level, Room 28B
Session ID: PSONWT-2010
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
Cisco Smart Software Manager On-Prem
For More Information
Cisco® Smart Licensing
www.cisco.com/go/smartlicensing
(http://www.cisco.com/c/en/us/products/abt_
sw.html)
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 140
Cisco Smart Call Home
For more Information
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 141
Complete your
online session • Please complete your session survey
evaluation after each session. Your feedback
is very important.
• Complete a minimum of 4 session
surveys and the Overall Conference
survey (starting on Thursday) to
receive your Cisco Live water bottle.
• All surveys can be taken in the Cisco Live
Mobile App or by logging in to the Session
Catalog on ciscolive.cisco.com/us.
Cisco Live sessions will be available for viewing
on demand after the event at ciscolive.cisco.com.
#CLUS BRKARC-2034 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 142
Thank you
#CLUS
#CLUS